Web attacks target human rights sites

Many protest groups are being hit by web attacks that effectively silence them, says research

Human rights groups and campaigners are being hit hard by huge web attacks launched by those opposed to their views, finds research.

Many web-based campaigning groups are being knocked offline for weeks by the attacks, it found.

The researchers expect the tempo of attacks to increase as the tools and techniques become more widespread.

The report urged human rights groups and independent media groups to beef up their defences to avoid falling victim.

Flash flood

The research by the Berkman Center for Internet and Society at Harvard University tried to get a sense of how often human rights groups and independent media organisations are hit by what are known as Distributed Denial of Service (DDoS) attacks.

DDoS attacks try to knock a site offline by overwhelming it with data.

In the 12 months between August 2009 and September 2010 the research found evidence of 140 attacks against more than 280 different sites. The report acknowledged that these were likely to be the most high profile attacks and that many more had probably gone unreported.

"These attacks do seem to be increasingly common," said Ethan Zuckerman, one of the authors of the report.

While some attacks were triggered by specific incidents such as elections, others had no obvious cause, he said.

What is a DDoS attack?

A Distributed Denial of Service (DDoS) attack aims to make websites inaccessible

The attackers commonly use networks of compromised computers - called a botnet - that they control to launch the attacks

By overwhelming the target site with requests, the attackers can ensure that genuine visitors cannot reach the site

These requests look like genuine web traffic so can be hard to filter out

Typically, such attacks have been aimed at high-profile websites, such as those belonging to government departments, banks and political organisations

The report cites a sustained DDoS attack on Novaya Gazeta, the website of Russia's most liberal independent newspaper.

The report finds that DDoS is increasingly being used as a political tool and as a form of protest.

Attacks that recruit participants in so-called volunteer DDoS are proving popular.

The report gives the example of the organisation 'Help Israel Win' which recently invited individuals to install a software package, dubbed Patriot DDos, on their computers so the machine could be used to launch attacks on what the authors assume would be Palestinian targets.

The most recent example of a volunteer DDoS comes from Anonymous, a loose-knit group of activists, who used the method to launch attacks on the websites of firms it perceived to be anti-Wikileaks.

DDoS attacks could hit small media groups and campaigners hard because the organisations have such limited resources, said Mr Zuckerman.

"If you are a human rights organisation or independent media organisation you might be using an account you are paying £20 a month for and it's very hard at that level of hosting to fend off DDoS," he told the BBC.

The attacks did not have to be prolonged, he said, to cause real problems for small campaigning groups.

"They just have to do it long enough to annoy their ISP and they will kick them off and then they have to find another place to host," said Mr Zuckerman.

Easy tools

The work of some groups only appears on the web, said Mr Zuckerman, so knocking them offline effectively silences the campaigners. It can take a long time for some to find a new host, upload content and re-build a site.

He said: "We see sites that do not come back online for two to three weeks."

The report also found that DDoS attacks are often only the most visible element of a much broader attack against a site or group.

"There's a very good chance that if you are experiencing DDoS you are being filtered, sent targeted e-mail to get access to your system or to snatch your passwords," he said.

Mr Zuckerman said some DDoS attacks logged in the report used hundreds or thousands of PCs in a botnet - networks of hijacked home computers - but others had just as big an effect with far fewer resources.

"There are certain attacks that seem to work if you have only one or two machines," he said.

What might cause problems in the future, he suggested, would be easy-to-use tools like those employed by Anonymous activists in support of Wikileaks.

"It seems like DDoS has become easier for more people to engage in," he said. "The threats do seem to be increasing."

In response, he said, rights groups needed to work hard to understand the threats and prepare in case they were hit.

"This community needs to get much, much smarter and much more knowledgeable," he said.